SB20250520134 - Use-after-free in Linux kernel display amdgpu_dm driver
Published: May 20, 2025 Updated: May 21, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-37903)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hdcp_update_display(), hdcp_remove_display(), hdcp_reset_display() and update_config() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/3a782a83d130ceac6c98a87639ddd89640bff486
- https://git.kernel.org/stable/c/bbc66abcd297be67e3d835276e21e6fdc65205a6
- https://git.kernel.org/stable/c/be593d9d91c5a3a363d456b9aceb71029aeb3f1d
- https://git.kernel.org/stable/c/dd329f04dda35a66e0c9ed462ba91bd5f2c8be70
- https://git.kernel.org/stable/c/e25139c4aa5621f2db8e86688c33546cdd885e42
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.138